Comment Re:Wrong paradigm here (Score 3, Insightful) 187
IPTables doesn't have support for application-based firewalling. You can do that kind of thing using something like the Grsecurity patch for the kernel, but it is not for beginners.
Grsecurity will let you create policies exactly like what you're talking about and then some. For example, it will allow you to create a policy limiting which files and folders a given program can access. To be specific, on my machine I have a policy that Firefox can only write data to its own folders and to my Downloads directory, and can't execute/run any files inside those folders. That way, if somebody hits me with a drive-by download or something it simply won't work.
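The kind of policy the comment describes, written out as an added grsecurity RBAC fragment (not the commenter's own policy, and not taken from the comment); it assumes Firefox is installed at /usr/bin/firefox and that the user is "alice" with the profile and Downloads folder under /home/alice:

```text
# Added example fragment for /etc/grsec/policy, placed inside an existing
# "role alice u" block. Paths are assumptions for illustration.
subject /usr/bin/firefox o {
    # Default rule: everything is hidden unless an object line below allows it.
    /                          h

    # The binary and the libraries it needs: read/execute only, never write.
    /usr/bin/firefox           x
    /usr/lib/firefox           rx
    /usr/lib                   rx
    /etc/ld.so.cache           r
    /etc/fonts                 r
    /etc/resolv.conf           r
    /usr/share                 r
    /dev/null                  rw
    /dev/urandom               r
    /tmp                       rwcd

    # The only two places Firefox may write: its profile and Downloads.
    # No "x" flag here, so a file dropped into either directory cannot be
    # executed by Firefox (the drive-by download case in the comment).
    /home/alice/.mozilla       rwcd
    /home/alice/Downloads      rwcd

    # No capabilities, no listening sockets, outbound DNS/HTTP/HTTPS only.
    -CAP_ALL
    bind    disabled
    connect 0.0.0.0/0:53  dgram  udp
    connect 0.0.0.0/0:80  stream tcp
    connect 0.0.0.0/0:443 stream tcp
}
```

Check the policy for syntax errors with `gradm -C` before enabling it with `gradm -E`; on a real system the list of read-only objects will be longer than this fragment, which is what grsecurity's learning mode is for.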